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Packet Switched device 
sends registration request 
with its extension as part 
of the message. 
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Gatekeeper looks up the extension 
and finds the administered pin. Uses 
a random number to build a 
challenge string and sends the 
message to packet switched device. 
Meanwhile, gatekeeper encrypts the 
challenge string using pin as key and 
extracts a signature. 



Packet switched device encrypts 
the challenge string using the pin 
as key. Sends the signature as 
the result to the gateway. 
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Gatekeeper verifies the response 
corresponds with its computed signature. 
If correct, proceeds with the registration 
of the packet switched device. 
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FIG. 1B 
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When packet switched device powers up or resets, 
it broadcasts a DHCP message. DHCP server (not 
shown) issues an IP address to packet switched 
device and provides the IP address of key server. 




Packet switched device attempts to establish 
secure communications with the Secure File 
Service residing on the key server. If the packet 
switched device cannot be authenticated, it 
attempts to get its configuration files from the Non- 
Secure File Service on the key server. 



If authentication is successful, secure 
communications are established between the 
packet switched device and the Secure File 
Service on the key server. 
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Packet switched device requests master key, 
Kg, and generator, g. The packet switched 
device also sends the extension since the 
generator, g, is dependent on the packet 
switched device extension. 
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The Key generating agent generates a unique symmetric key 
and generator, g. The Key File Generation process places 
the information in a Key File which is in a format appropriate 
for the packet switched device. The Secure File Service 
sends the Key file to the packet switched device. Also 
included in the Key file is the Master Key Check Value, CVm. 



Fig. 3 
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The packet switched device sends the application server gatekeeper software a 
request message, GRQ, to register with the gatekeeper software. GRQ message 
includes g, Re, EXT, CVm and ICV computed based on Ka. 
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Upon receipt of GRQ from packet switched device, application server gatekeeper 
software requests authentication from the Advanced Secure File Service residing on 
key server to establish a trusted communications channel with the key server and 

receive the Kg for this extension. 






If authentication is successful, the application server uses the Session ID to establish 
the trusted communications. Once the trusted communications are established, the 
key server Advanced Secure File Service provides Kg for this extension to the 
application server gatekeeper software. 






Application server gatekeeper software now can begin to authenticate the packet 
switched device. Application server gatekeeper software verifies the 
content of the GRQ message, and, if correct, sends the gatekeeper confirm message, 
GCF, which includes Rg, Re and ICV signed by Ka. 
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The packet switched device authenticates the GCF message and in response sends 
the request registration message, RRQ which includes Re, Rg and ICV signed by Ka. 
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The application server gatekeeper software authenticates the RRQ message and if 
valid, sends the registration confirm message, RCF, which includes session ID (SID) 
along with Re, Rg and IVC signed by Ka. j 
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The packet switched device computes the Session Pre-Master Key, Ks, from which it 
i calculates the TLS Session Master Key. 
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The application server gatekeeper software registers the packet switched device 

Once the packet switched device is registered, the packet switched device 
establishes a secure communication channel between itself and the application 
server using the SID and the Session Pre-Master Key, Ks. 





Fig. 4 



